"We have to recognize that this is going to be an ongoing problem," Koskinen testified at a Feb. 10 Senate Financial Services Committee hearing, adding that IRS systems are attacked or pinged 1 million times a day. "The caliber of the enemy we are facing is increasingly more sophisticated and more global. We're dealing with organized crime syndicates all around the world."

On Feb. 9, the IRS said it identified and halted a January attack, generated by an automated bot, on its Web application that taxpayers use to produce personal identification numbers for electronic tax filings. Using personal information stolen elsewhere, the attackers used malware to produce electronic filing PINs so they could file for false tax refunds, according to an IRS statement.

Notifying Taxpayers

The IRS says it's notifying affected taxpayers by mail that their personal information was used in the latest attempt to access the IRS application. The agency says it's protecting those taxpayers' accounts by "marking them to protect against tax-related identity theft."


The IRS says it identified unauthorized attempts involving some 464,000 Social Security numbers, including 101,000 that were used to successfully access e-file PINs. No personal taxpayer information was compromised or disclosed from IRS systems. "They weren't cyber breaches in the sense that our database was accessed," Koskinen says.
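The automated attack described above, a bot replaying stolen identifiers against a PIN-issuing web application, leaves a recognizable trace in ordinary access logs: a real taxpayer who fails retries the same identifier a few times, while a bot working through a stolen data set presents a different identifier on almost every request. The Python below is an added illustration of that detection logic and of the follow-up the article mentions (marking the accounts that were reached); it is not IRS code and not part of this article. The log format, the endpoint path /efile-pin/request, the source addresses, the SSN hashes and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample access-log lines in a hypothetical format (not real IRS logs):
# timestamp, source address, method, path, a hash of the submitted SSN, outcome.
# The first source walks through eight different identifiers in five seconds;
# the second retries one identifier three times, as a real taxpayer would.
SAMPLE_LOG = """\
2016-01-20T08:00:01Z 203.0.113.10 POST /efile-pin/request ssn_hash=a1b2c3d4 result=fail
2016-01-20T08:00:02Z 203.0.113.10 POST /efile-pin/request ssn_hash=b2c3d4e5 result=ok
2016-01-20T08:00:02Z 203.0.113.10 POST /efile-pin/request ssn_hash=c3d4e5f6 result=fail
2016-01-20T08:00:03Z 203.0.113.10 POST /efile-pin/request ssn_hash=d4e5f6a7 result=fail
2016-01-20T08:00:03Z 203.0.113.10 POST /efile-pin/request ssn_hash=e5f6a7b8 result=ok
2016-01-20T08:00:04Z 203.0.113.10 POST /efile-pin/request ssn_hash=f6a7b8c9 result=fail
2016-01-20T08:00:04Z 203.0.113.10 POST /efile-pin/request ssn_hash=a7b8c9d0 result=fail
2016-01-20T08:00:05Z 203.0.113.10 POST /efile-pin/request ssn_hash=b8c9d0e1 result=fail
2016-01-20T09:15:10Z 198.51.100.7 POST /efile-pin/request ssn_hash=0f0f0f0f result=fail
2016-01-20T09:16:42Z 198.51.100.7 POST /efile-pin/request ssn_hash=0f0f0f0f result=fail
2016-01-20T09:18:05Z 198.51.100.7 POST /efile-pin/request ssn_hash=0f0f0f0f result=ok
2016-01-20T09:20:00Z 198.51.100.7 GET /index.html ssn_hash=- result=ok
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"ssn_hash=(?P<ident>\S+) result=(?P<result>ok|fail)$"
)
PIN_ENDPOINT = "/efile-pin/request"  # hypothetical path of the PIN application


@dataclass
class Request:
    ts: str
    src: str
    ident: str
    ok: bool


def parse_log(text):
    """Return requests to the PIN endpoint; unparseable lines and other paths are skipped."""
    out = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["path"] != PIN_ENDPOINT:
            continue
        out.append(Request(m["ts"], m["src"], m["ident"], m["result"] == "ok"))
    return out


@dataclass
class SourceStats:
    attempts: int = 0
    successes: int = 0
    idents: set = field(default_factory=set)

    @property
    def distinct_ratio(self):
        """Share of requests that carried an identifier not seen before from this source."""
        return len(self.idents) / self.attempts if self.attempts else 0.0


def per_source_stats(requests):
    stats = defaultdict(SourceStats)
    for r in requests:
        s = stats[r.src]
        s.attempts += 1
        s.successes += int(r.ok)
        s.idents.add(r.ident)
    return dict(stats)


def flag_automated_sources(stats, min_attempts=5, min_distinct_ratio=0.8):
    """Flag sources that make many requests and rotate the identifier on nearly all of them.
    Thresholds are assumptions chosen for the constructed sample."""
    return {src for src, s in stats.items()
            if s.attempts >= min_attempts and s.distinct_ratio >= min_distinct_ratio}


def accounts_to_mark(requests, flagged):
    """Identifiers touched by flagged sources. Every one warrants a notification; the ones
    that actually obtained a PIN need the account marked before a return is filed on it."""
    attempted, succeeded = set(), set()
    for r in requests:
        if r.src in flagged:
            attempted.add(r.ident)
            if r.ok:
                succeeded.add(r.ident)
    return {"attempted": attempted, "succeeded": succeeded}


if __name__ == "__main__":
    reqs = parse_log(SAMPLE_LOG)
    flagged = flag_automated_sources(per_source_stats(reqs))
    print("flagged sources:", flagged)
    print(accounts_to_mark(reqs, flagged))
```

Keying on the source address is only one signal; the same distinct-identifier ratio can be computed per session or per client fingerprint, and the success count per flagged source is what tells the responder which accounts were reached rather than merely probed.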

Both attacks represent "sophisticated forms of ID theft," the commissioner says. "The criminals already had all of the personal info of the taxpayer they needed."

Koskinen told the Senate panel the IRS over the past year has toughened its cyberdefenses, in part, through knowledge garnered from an information-sharing program established last year with tax-filing providers and states' taxing authorities. "We have been attempting to move from being solely reactive to pulling together the resources we need and the partnerships we need to try to get ahead of the game, get ahead of where the criminals are going," he said.

Seasonal Attacks

Attacks on the IRS and tax-preparation companies are seasonal events. "Such operations are especially common starting in January and February, when many employers and financial institutions, among other entities, distribute tax documents," according to iSight Partners, a cyberthreat analysis company. "Fraudulent tax filings in the U.S. will likely increase over the next months leading to the tax deadline."

A year ago, tax preparation software provider Intuit temporarily suspended electronic filings via its TurboTax offering because the service experienced a dramatic increase in suspicious filings and criminal attempts to leverage stolen identities in order to claim tax refunds.

"It is axiomatic that we and every financial institution in the world are under attack," Koskinen says. "That's because criminals already have a vast amount of personal information and they're trying to figure out how to monetize that information."

Security Controls' Deficiencies

Though the attacks on the IRS' e-file PIN application and Get Transcript did not involve a breach of core IRS databases that store details on taxpayers' personal information and finances, a November audit by the Government Accountability Office took the tax agency to task for deficiencies in internal information security controls, including missing security updates, insufficient audit trails and monitoring for certain key systems and the use of weak passwords (see GAO: Taxpayer Data at Increased Risk).

"Until IRS takes the necessary steps to address these control deficiencies, its financial and taxpayer data will remain at increased risk of inappropriate and undetected use, modification or disclosure," Cheryl Clark, GAO director of financial management and assurance, said in the audit report.
